Thursday, December 29, 2011

In a recent thread it was suggested that Linux is as vulnerable as Windows, and as proof a list of exploits was given that were published on almost the same day as the discussion. Here is the list that was given:
Quote

Tuesday, December 27, 2011

1. Laziness - The quality that makes you go to great effort to reduce overall energy expenditure. It makes you write labor-saving programs that other people will find useful, and document what you wrote so you don't have to answer so many questions about it. Hence, the first great virtue of a programmer. Also hence, this book. See also impatience and hubris.

2. Impatience - The anger you feel when the computer is being lazy. This makes you write programs that don't just react to your needs, but actually anticipate them. Or at least pretend to. Hence, the second great virtue of a programmer. See also laziness and hubris.

3. Hubris - Excessive pride, the sort of thing Zeus zaps you for. Also the quality that makes you write (and maintain) programs that other people won't want to say bad things about. Hence, the third great virtue of a programmer. See also laziness and impatience.

Monday, December 12, 2011

Apple recently launched its cloud storage service, iCloud. When I tried setting up iCloud on my iPhone4, I was stuck with the verification email problem. The set up wizard kept asking for iCloud email verification but I couldn’t find any option to send or resend iCloud verification email to my email address so that I can verify it. On further research I found that Apple has changed the way it handles Apple ID. Your email address and Apple ID now have to be same; this is unlike how Apple used to handle Apple ID and email address. Till now you could create multiple Apple IDs with one email address or, in other words, a single email address could have been associated with multiple Apple IDs. This got me to the root of the problem why I was not receiving the iCloud verification email. If you are facing the same problem, please follow the steps below to receive iCloud verification email:

1. Go to https://appleid.apple.com/

2. Click on “Find out” link under “Not sure if you have an Apple ID?”

3. Fill out your first name, last name and the email address that you want to use for receiving iCloud verification email.

4. On the next screen, select “Email Authentication” option and click “Next”.

5. Now, go to your Email Inbox and you will find an email from Apple on how to reset the Apple ID password. Click on the “Reset your Apple ID password” link in the email.

6. You will be shown more than one Apple ID associated with your email address.

7. Now, choose the Apple ID that you would NOT like to use for receiving iCloud verification email and click “Next”.

8. Reset the password for this account by providing a new password.

9. Login to Apple ID by visiting https://appleid.apple.com/ and clicking “Manage your account” link. Use the Apple ID that you would NOT like to use for receiving iCloud verification email and the password that you had just set.

Once you have changed the email address for the Apple ID that you would NOT like to use for receiving iCloud verification email, it’s time to set things right in the Apple ID that you would like to use for iCloud services. Just log in to your account at https://appleid.apple.com/ with the Apple ID that you would like to use for receiving iCloud verification email. You should now see the link to resend verification email under your email address. Click on that link, confirm your email address and you will be all set to use iCloud.

Friday, December 9, 2011

Recently I was preparing an application based on JSP/Struts, and I had a requirement to implement custom font and color selection for each text area on the screen (the screen had multiple text areas). I found a cool script which allows me to apply visual effects to my text areas: TinyMCE is a platform-independent, web-based JavaScript HTML WYSIWYG editor control released as open source under the LGPL by Moxiecode Systems.

Thursday, November 10, 2011

Recently, there was a need to create JARs which cannot be decompiled, as I want to secure my source code.

I found obfuscated JARs. A bytecode obfuscator modifies the content of source files in such a way that their behaviour is unaffected while minimizing the amount of information from the source code that's exposed. RetroGuard was the well-known commercial obfuscator for Java. There is open-source software as well.

CSS Compressor online tool to compress CSS to reduce CSS code size and make your web pages load faster. You can select from four levels of compression, depending on how legible you want the compressed CSS to be versus degree of compression. It is quick, easy and free!

Sunday, November 6, 2011

Recently one of my colleagues faced the error "ORA-01006: bind variable does not exist". We couldn't find the reason for this error; later on, we discovered that there was a comma missing in the callable statement parameter declaration.

Tuesday, October 18, 2011

First of all, thanks for visiting my blog. I was recently working on Oracle portlets and I had to add multiple portlets on a single page. That created a conflict, since both portlets had onload events and that resulted in multiple onload events.

Scripts probably conflict most often when using the onLoad event. Have you ever used code like this?

window.onload=myInitFunction;

This is fine if you're sure myInitFunction() will be the only function that needs to be called when the page is loaded. But how can you know for sure? What if a page that calls your script has code in its ? What if there's another external script on the page that also assigns a function to the onload event? The code above will overwrite what was there with your code and that's not good.

Use the function below to add your function without replacing what is already in the onLoad.

Your application is vulnerable to SQL Injection when you send unfiltered strings to the database. Most modern ORM frameworks should take care of it (but don't take my word!... go ahead and check how secure your framework is).
Sometimes, you have to work with plain JDBC (or ODBC). Here are a couple of tricks that help:

1. First and foremost, avoid concatenating strings for SQL queries. Use prepared statements unless it is not possible (i.e. cases when you have an undefined number of parameters).
2. Leverage the language type system: if you're passing a number, use Integer instead of String... any invalid character will fail the conversion and will not reach the DB.
3. If there's no option but to concatenate strings, make sure the database's quote characters are escaped (for example, in DB2 you have to replace the single quote character with 2 single quote characters: instead of "SELECT * FROM users WHERE name='"+param+"'" use "SELECT * FROM users WHERE name='"+param.replaceAll("'","''")+"'").

For something a little more advanced, you can wrap the strings in some kind of "EscapedString" class, and use that class in the signature of the DAOs (related to 2.).

Note: this is by no means a comprehensive list. Application security is very hard; check your database documentation...
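
The three tips above in one place, as an added example that is not code from the original post: a bound parameter, a numeric conversion, and the "EscapedString" wrapper as the only type a DAO method accepts. The class and method names, the `users` table and the sample inputs are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Objects;

public class JdbcInputHandling {

    // Tip 1: bind the value as a parameter; it is never spliced into the SQL text.
    // Not called from main(), because it needs a live Connection from your driver.
    static boolean userExists(Connection con, String name) throws SQLException {
        try (PreparedStatement ps = con.prepareStatement("SELECT 1 FROM users WHERE name = ?")) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    // Tip 2: convert numeric input before it gets anywhere near a query.
    static int parseUserId(String raw) {
        try {
            return Integer.parseInt(raw == null ? "" : raw.trim());
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("user id must be an integer", e);
        }
    }

    // The "EscapedString" idea: the only way to obtain one is through of(),
    // so a DAO that takes this type cannot be handed a raw String by mistake.
    static final class EscapedString {
        private final String value;
        private EscapedString(String value) { this.value = value; }

        // Assumes a database where doubling the single quote is the only escape
        // needed inside a string literal (the DB2 rule quoted in tip 3).
        static EscapedString of(String raw) {
            Objects.requireNonNull(raw, "raw");
            return new EscapedString(raw.replace("'", "''"));
        }

        @Override public String toString() { return value; }
    }

    // Tip 3: last resort when concatenation cannot be avoided.
    static String nameQuery(EscapedString name) {
        return "SELECT * FROM users WHERE name='" + name + "'";
    }

    public static void main(String[] args) {
        String param = "O'Brien"; // constructed sample input
        // Unescaped: the apostrophe closes the literal early and the rest is parsed as SQL.
        System.out.println("raw:     SELECT * FROM users WHERE name='" + param + "'");
        System.out.println("escaped: " + nameQuery(EscapedString.of(param)));
        System.out.println("id:      " + parseUserId(" 42 "));
        try {
            parseUserId("42x"); // constructed non-numeric input
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```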

The MySQL database query below is meant to protect your database against MySQL injection through user login forms. This preventive action keeps spammers from running database queries on your database without your knowledge.

Monday, September 5, 2011

I was asked by my friend few days back that "What will happen to Java, in Oracle's hands ?"

My answer was.. INSERT INTO "Oracle" SELECT * FROM "Sun"

'...Open source will continue at Oracle - along with Java. It could even profit. Just don't expect it to help anybody else.'

It will help. Oracle has more money than SUN.

I don't think it will become more proprietary. IBM, Redhat, Apache etc. will not allow that.

Java is OK. JVM is not OK. But at least we have CacaoVM and some opensource implementations, once Oracle will bastardize it. On the other hand, I don't think they want to screw it up on a main trunk. They did this to RedHat clone, called Oracle Linux, that is completely rubbish distribution. I would more worry about OpenSolaris — there might be started some unpleasant "fun" from Oracle... :-(

Java became popular because of open policies of Sun. Any attempt to commercialize or make Java more proprietary will turn out to be a bad move for technology.

I think Oracle will try to make more money from Java licenses and try to control Java and use it for competitive advantage, which will make other Java vendors insecure and will eventually move away from Java. In a free market Oracle is free to do this, but it will not be good for the technology.

Use it if you like it, don't try to own it

I just hope there won't appear String2 that is null and an empty string at the same time, as they did to VARCHAR... :-)

Below are some of the top "MUST HAVE" habits of a great software developer to ensure creating a world-class quality coding product:

1) Self discipline. So much bad code is due to laziness by developers who don't do what they know should be done.

2) Assume the code written doesn't work unless it is proven to work.
Don't assume that things will never fail. In other words, assume things will fail and provide for clean handling of it. Error messages reporting errors are required. Crash on error is unacceptable.

3) Hangs are unacceptable. All code should be bounded in time and an error must be reported if it runs over.
Do your own testing. It doesn't matter if you have a separate test group. Do your own testing anyway.

4) Never assume that a user will never do something with the code. Assume that a user will do anything and everything possible. Provide clean handling and error messages for everything not allowed.

5) The developer should ensure that the code compiles with zero warning messages.
Always use a source code repository, even in a “team” of one person. The repository should be backed-up properly.

6) Never check-in code to a main repository that doesn't compile cleanly. Check-in to a branch repository for checkpointing or backups is ok.

7) Teamwork - few things are small enough or require so few skills that one person can do them well.

8) Discipline - do things right *all the time* if you want top quality.
Ability, Experience - one needs to learn on the job; they say you tend to get expert only after 10,000 hours at a skill.

9) Breadth - you need to understand other people's vision not just your own, or what you make will suit you and nobody else.

10) Luck - whether your idea or somebody else's, you need a good idea AND the luck to get it to market at the right time.

11) A good team - what you can't put toward the effort yourself, the rest of the team needs to supply.

12) Knowledge - especially of design patterns (and have to remember that they are giving direction, not the right solution) and frameworks

13) TESTS - they prove that the code works. He/she must write tests automatically without thinking: do I have to?

14) Digging into problems - it leverages the knowledge and gives him/her a deep understanding of the technology

15) Curiosity - to be up to date with other concepts

16) Document everything (tomorrow you do not remember what is in your head today).

17) Pay attention to what your customer or requirements analyst says and work with him/her. Do not assume that you know their needs better. They are their needs. Do not assume that your work is just writing code; it is also discussing your plans and results with your clients.

18) Always plan your next task and sketch a model of what you will build.

19) Always check on the internet for things you need. It is very rare that you were the first to need them. For every hint you get try to give something back to the community. If there is an open source project near your needs use it and expand it. It is better to focus on your new task than reinventing the wheel.

20) Always take some time to check if you need to use a new tool or programming language. A good programmer is not tied to a specific language, however he can be very good or specialized at one or more.

21) Proper error/exception handling... make sure that the app does not crash

22) He/she should be a 'Continuous Learner' and upgrade their skills in the respective domain from time to time.

23) Last, but not least, think 'out of the box'. Smart people can easily entertain new ideas, thoughts, and ways of doing things.

edit $ORACLE_HOME/Apache/Apache/conf/mod_osso.conf, add the following lines just before the :
require valid-user
AuthType Basic
require valid-user
AuthType Basic
Please restart apache after you have made this configuration

Tuesday, August 2, 2011

Today I was working on an application that was to be deployed on a LIVE OC4J application server. The deployment was successful, but when the application was being tested there were many errors as below, related to standard.jar, which was in the OC4J lib and in my application's classpath.

Monday, July 25, 2011

Today, I will show you how to load data while the page scrolls down, with jQuery and PHP. We have lots of data but cannot display it all. This script helps you display a little data at a time and make your website faster.

When we are scrolling down a webpage, the script($(window).scroll) finds that you are at the bottom and calls the last_msg_funtion(). Take a look at $.post("") eg: $.post("load_data.php?action=get&last_msg_id=35")

Thursday, July 21, 2011

Today I am going to show you how you can create a cool progress indicator to tell your end user that something is going on behind the back of an action. Below is an image of the progress indicator that slides from the top to the middle of the screen then displays the processing message then slides up and disappears once done. This code does not use any other 3rd party jquery plugin to display progress indicator.

Tuesday, July 19, 2011

"The monetization of Java has begun. Sun released the Java 1.6.0_14 JDK and JRE today which include a cool new garbage collector called G1. There is just one catch. Even though it is included in the distribution, the release notes state 'Although G1 is available for use in this release, note that production use of G1 is only permitted where a Java support contract has been purchased.' So the Oracle touch is already taking effect. Will OpenJDK be doomed to a feature-castrated backwater while all the good stuff goes into the new Java SE for Business commercial version?"

To try G1, specify these command line options:
-XX:+UnlockExperimentalVMOptions -XX:+UseG1GC

I don't see anything obvious preventing you from using it (no license/support keys?), it's just not recommended since it's experimental. If you're crazy enough to use it on a production server, you better have a support contract so Sun/Oracle can fix any problems that come along. That seems reasonable.
Although it'd be better if they just said "don't use it for production, period."

Friday, July 8, 2011

Java — both its runtime and compiler — go into an infinite loop when converting the decimal number 2.2250738585072012e-308 to double-precision binary floating-point. This number is supposed to convert to 0x1p-1022, which is DBL_MIN; instead, Java gets stuck, oscillating between 0x1p-1022 and 0x0.fffffffffffffp-1022, the largest subnormal double-precision floating-point number.

Send a Java Program Into An Infinite Loop

Compile this program and run it; the program will hang (at least it does on a 32-bit system with the latest JRE/JDK):

Send the Java Compiler Into An Infinite Loop

Where’s the Problem?

For the runtime case at least, Konstantin has narrowed the problem down to the “correction loop” in FloatingDecimal.java. See his comments on my PHP bug analysis article.
Like PHP, Java gets stuck crossing the normalized/unnormalized border, but with a twist: it starts with an estimate that is correct — DBL_MIN — and then adjusts it to 0x0.fffffffffffffp-1022. It then adjusts that back to DBL_MIN, and around it goes…
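
A way to check whether a given JRE still has this hang without losing the process to it, as an added example that is not the program from the original article: the conversion runs in a daemon worker thread with a timeout. The class name, the 5-second limit and the output wording are assumptions; the code avoids lambdas so that it also compiles on the older JDKs the article is about.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

public class ParseDoubleHangCheck {

    // Kept as a String so javac never has to convert it as a literal
    // (the article reports that the compiler hangs on it too).
    static final String INPUT = "2.2250738585072012e-308";

    // Returns the hex form of the parsed value, or null if parsing did not finish in time.
    static String parseWithTimeout(final String text, long seconds) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor(new ThreadFactory() {
            public Thread newThread(Runnable r) {
                Thread t = new Thread(r, "parse-worker");
                t.setDaemon(true); // a worker stuck in the loop must not keep the JVM alive
                return t;
            }
        });
        Future<Double> result = pool.submit(new Callable<Double>() {
            public Double call() {
                return Double.parseDouble(text);
            }
        });
        try {
            return Double.toHexString(result.get(seconds, TimeUnit.SECONDS));
        } catch (TimeoutException e) {
            return null;
        } finally {
            // A spinning thread ignores the interrupt; the daemon flag covers that case.
            pool.shutdownNow();
        }
    }

    public static void main(String[] args) throws Exception {
        String expected = Double.toHexString(Double.MIN_NORMAL); // DBL_MIN, 0x1.0p-1022
        String actual = parseWithTimeout(INPUT, 5);
        System.out.println("java.version = " + System.getProperty("java.version"));
        if (actual == null) {
            System.out.println("AFFECTED: parseDouble did not return within 5 s");
        } else if (actual.equals(expected)) {
            System.out.println("OK: parsed to " + actual);
        } else {
            System.out.println("UNEXPECTED: got " + actual + ", expected " + expected);
        }
    }
}
```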

Bug Report

Konstantin reported this problem to Oracle three weeks ago, but is still waiting for a reply. (Update: as per Konstantin’s comment below, the bug has been assigned “internal review ID of 1949967, which is NOT visible on the Sun Developer Network (SDN)”.)

Update: Previous Bug Reports Describe the Same Problem

Readers found two bug reports that describe the same problem (although not in terms of the magic number 2.2250738585072012e-308): bug number 100119 from 2009, and bug number 4421494 from 2001. (But don’t bother clicking on that last one — the link is now dead, as of 2/3/11.)

Addendum

As pointed out in the comments below, equivalent forms of the number cause the problem as well; examples:

Wednesday, June 1, 2011

Recently, we had to release an iPad version of one of our websites; an existing website needed to be converted to display on an iPad. I had a major issue when someone rotated the site from landscape to portrait and from portrait to landscape on an iPad: the site did not get auto-fitted.

To overcome this issue, I had to set the viewport in a meta tag on all my JSP pages.

Tuesday, March 15, 2011

Recently I needed an autocomplete textbox in which I need to store an ID and display a list. So I went for jQuery autocomplete, which I was very used to. I have used this before, but it was just for a single list where I was not storing any ID. I tried my hand at JSON using jQuery autocomplete, but it was not giving me results the way I wanted.

Monday, March 14, 2011

Recently, I had to develop a website which needed a different URL mapping; it needed a URL mapping like /France/Paris (i.e. country/city). I looked at many options. First of all I tried it with a URL rewriting servlet and implemented a filter with it, but it was not exactly the thing I wanted. So I looked for other options and finally I found UrlRewriteFilter from tuckey.

I downloaded the jars from www.tuckey.org/urlrewrite and configured that in web.xml file.

I found its configuration too easy, you need to configure that in web.xml under filter tag.

I needed to generate Excel 2007 reports in Java. I had many options for this, like Jexcel, Apache POI, Aspose... but the list got smaller since I had to do this in JDK 1.4. Since I had to do this on an older JDK, I chose Apache POI, but Apache POI supports generating xlsx only on JDK 1.6. Some blogs say that if we backport it, POI can work on older JDKs, so I tried backporting it and converted the jars to JDK 1.4. All was done and it worked for generating xls files, but when I changed it to xlsx using the XHSSF class, it started throwing errors. I did a lot of research, but in the end all was in vain. Later on I read somewhere that Apache POI backporting leads to serious memory issues on JDK 1.4, so I went for Jexcel. Well, Jexcel needs a license and I have to use open source, so I wound up this idea.

Tuesday, January 25, 2011

Struts 2 framework and its dependencies available currently are compiled using JDK 1.5 and if you want to use same framework on JDK1.4 then you will require to backport these jars. Struts 2 framework core jars and its plugin jars can be translated to JDK 1.4 or 1.3 using Retrotranslator utility.

Retrotranslator is an open source project which does this translation.

You can read more about this on http://retrotranslator.sourceforge.net/

Monday, January 24, 2011

Last week I was facing an issue inserting Blob data into an Oracle 10g database. I tested my application on a JBoss container and locally my application was running fine; the real problem came when I deployed it on an OC4J container.

I got this error: java.sql.SQLException: Data size bigger than max size for this type

I tried everything, I even upgraded my JDBC driver, but the problem was still there.

A question I often hear is, “How do I clear a form?”
Initially the answer seems very straightforward – a one-liner in jQuery:

$('form :input').val("");

But upon closer examination we find that this is a bad way to solve the problem. When someone says they want to “clear a form” what they really mean is that they want to clear the visible state from all the form fields. With this in mind, the code above is clearly not the right way to get the job done. First, it will blast away the values of hidden inputs, checkboxes and radio buttons. Not good. The values of those fields should not be altered. And second, it does not properly account for select elements. What we need is something smarter. Here’s a start: